<?php
// Auction Center PHP Script by Colton Fouse (coltonfouse@gmail.com)
include("config.php");
$searching = isset($_REQUEST['searching']) ? $_REQUEST['searching'] : false;
$find = isset($_REQUEST['find']) ? $_REQUEST['find'] : false;
$field = isset($_REQUEST['field']) ? $_REQUEST['field'] : false;

echo("<html xmlns=\"http://www.w3.org/1999/xhtml\">

	<head>
		<meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\" />
		<title>$title</title>
	</head>

	<body bgcolor=\"#ffffff\">
		<center>
		<h1>$title - Search</h1>");
?>
<form name="search" method="post" action="<?=$PHP_SELF?>">
  Search for: <input type="text" name="find" /> in
  <Select NAME="field">
    <Option VALUE="buyer">Buyer</option>
    <Option VALUE="lot">Lot</option>
    <Option VALUE="itemdesc">Description</option>
    <Option VALUE="price">Price</option>
    <Option VALUE="notes">Notes</option>
  </Select>
<br><br>
  <input type="hidden" name="searching" value="yes" />
  <input type="submit" name="search" value="Search" />
</form>

<?php
  if ($searching =="yes"){
    echo "<h3>Search Results For: " .$find. "</h3><p>";
    if ($find == ""){
      echo "<b>Please enter a search term!</b>";
      exit;
    }
   
    $find = strtoupper($find);
    $find = strip_tags($find);
    $find = trim ($find);

	mysql_select_db($ItemDB, $conn);
	
    $query = mysql_query("SELECT * FROM $ItemDB.items WHERE $field LIKE'%$find%'");
    $matches=mysql_num_rows($query);
    echo "<center>Search Results: " .$matches;
    echo "<table width=\"80%\"><tr><td><b>Entry</b></td><td><b>Buyer</b></td><td><b>Lot</b></td><td><b>Price</b></td><td><b>Amount</b></td><td><b>Description</b></td><td><b>Timestamp</b></td><td><b>Notes</b></td></tr>";
    while($result = mysql_fetch_array($query)){
      echo "<tr><td align=\"center\">";
      echo $result['entry'];
      echo "</td><td align=\"center\">";
      echo $result['buyer'];
      echo "</td><td align=\"center\">";
      echo $result['lot'];
      echo "</td><td align=\"center\">";
      echo $result['price'];
      echo "</td><td align=\"center\">";
      echo $result['amount'];
      echo "</td><td>";
      echo $result['itemdesc'];
      echo "</td><td>";
      echo $result['time'];
      echo "</td><td>";
      echo $result['notes'];
      echo "</td></tr>";
    }
    echo "</table></center>";
    

    if ($matches == 0){
      echo "Sorry, no results match your search.";
    }
  }
?> 
	</body>

</html>